Embed Size (px)
Citation preview
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
1
Considerations for a Corporate
Data IntegrityProgram
(What’s So Funny ‘Bout) Part 11 and Data Integrity
John AvellanetManaging DirectorCerulean Associates LLC3 June 2014
Acknowledgementspaul harder
karen campbellcathleen owen
andy villersakos barthadan o’leary
nancy singerdarlene strauss
tom lillejon arakangasludwig hubermary durham
george smith, jr.ted treece
martin browningleigh strickerjim roberts
jackie cassadamai nguyen
wendy goretskisteve wilson
2
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
2
Agenda
data integrity lifecycle
eight steps to take
3
This is not legal advice. Information in this presentation draws upon a variety of sources, including published enforcement letters, personal experiences, interviews and research, all or any of which may or may not have been prepared or
conducted by Cerulean Associates LLC. Cerulean Associates LLC does not provide a warranty concerning the accuracy of the information contained in this presentation. The contents of this presentation are intended for general information only
and should not be construed as legal advice. Cerulean Associates LLC assumes no liability for actions taken or not taken as a result of the information in this presentation. This presentation is copyrighted 2014 by Cerulean Associates LLC.
Helpful Reference Materials
4
available for download (until June 20th) at www.ceruleanllc.com/ISPE
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
3
Postmarket Adverse Event Data
From § 314.80(i) Recordkeeping
“The applicant shall maintain for a period of 10 years records of all adverse drug experiences known to the applicant, including raw data and any correspondence relating to adverse drug experiences.”
5
2024
2039
2043
2014 2019 2024 2029 2034 2039 2044 2049
FDA
Health Canada
EMA
6
(AE+10yrs)
(AE+25yrs)
(active market authorization+10yrs)
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
4
2024
2039
2043
2014 2019 2024 2029 2034 2039 2044 2049
FDA
Health Canada
EMA
7
(AE+10yrs)
(AE+25yrs)
(active market authorization+10yrs)
ALCOA+ controls across data lifespan(attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, available)
25 years
29+ years
10 years
Translation:Data integrity controls cover the life of the data
not the life of any one system
8
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
5
Data Integrity Lifecycle
9
CreationCreationProcessing
Manipulation
Processing
Manipulation
Semi‐Active Storage
(or transmittal)
Semi‐Active Storage
(or transmittal)
Long‐Term Archival
Long‐Term Archival
Data Integrity Lifecycle
10
CreationCreationProcessing
Manipulation
Processing
Manipulation
Semi‐Active Storage
(or transmittal)
Semi‐Active Storage
(or transmittal)
Long‐Term Archival
Long‐Term Archival
What are your ALCOA+ controls for 10, 25, 29+ Years?
Ex: what are your data chain‐of‐custody controls across vendors, sites, etc. for 10, 25, 29+ years?Ex: what are your data chain‐of‐custody controls across vendors, sites, etc. for 10, 25, 29+ years?
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
6
Eight Step Process
1
2
3
4
5
6
7
8
assemble a core team
educate the team
develop overall strategy
data map to define controls
verify vendor compliance
prioritize and implement
monitor, measure and audit
re‐evaluate and revise
11
Assemble a Core Team
• quality
• IT
• records management
• legal (or corporate compliance)
• functional representatives (mfg., clinical, etc.)
12
and maybe…• regulatory affairs• validation• vendor management• audit
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
7
Example: Senior Management
• Show them recent, sample enforcement actions that have humiliated other firms
• Explain how data integrity simply asks
“Can the agency trust our data?”
• Discuss how a data lifecycle‐focus can help limit the scope and cost (and avoid Part 11 mistakes of the past)
• Review the costs of poor data integrity
• 3rd most common reason for a delayed or rejected submission
• untrustworthy product release records lead to public recall
• 5th most common warning letter – and attendant loss of revenue
13
Educate the Team
• In‐person workshops
• Webinars
• Consider combining with a data integrity gap analysis
– discuss results in workshop (or use workshop to lay the groundwork for expected audit results)
– make sure gap analysis covers all four data lifecycle stages!
14
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
8
Develop Overall Strategy
• Overall principles
• Roadmap
• Roadmap deliverables
• Progress to date
• Leveraged resources
• Team roles
• Financials
• Metrics for success
15
Example: Leverage Your RRS
Other considerations:• data “owner” or steward• process or equipment that produces the data• if data is created/held on your behalf by a vendor
16
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
9
Data Map to Define Controls
17
Example: Data Archival
18
sticky‐shed syndrome(moisture or oxide shedding)
bit‐rot (data degradation)
software‐rot(dormant v. active)
disc‐rot(chemical degradation)
rodents (physical damage)
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
10
Verify Vendor Compliance
• conduct audits
• look for undocumented data “review” points, etc.
• incorporate controls into contracts and quality/technical agreements
• ALWAYS verify what will happen to your data at vendor after transfer to your possession
19
Prioritize and Implement
• Use risk assessment techniques to prioritize
• Consider using risk to define control depths
• Track progress on a site‐by‐site basis
20
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
11
Monitor, Measure & Audit
• verify departmental compliance with policies (annually)
• verify vendor compliance rates
• conduct periodic fire drills of DR backups and long‐term archives
• combine with internal quality audits
21
• rigorous sampling (c=0)
• review NARA sampling standard (36 CFR §1234.30) for e‐media
Example: Calibrate Benefits
22
32%reduction in product liability litigation costs
Sources:The Information Management Journal, March/April 2013
Norton Rose Fulbright LLP’s Litigation Trends Survey, October 2011Biopharmaceuticals: Biochemistry and Biotechnology, Gary Walsh, 2003
save up to $438,000 per year
lower validation costs by 30%
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
12
Re-Evaluate and Revise
• Quality Systems Management Review (QSMR)
• Annual Product Review (APR)
• End of a clinical trial (or end of each phase)
• After an independent data integrity audit
23
Key Point Review
Integrity risks are persistent thru data lifecycle
ALCOA+ runs from data creation to disposition
Core team must be cross‐functional
Educate the team – do not assume knowledge
Use the simplified 8‐step process to start
Mix automated, procedural, vendor controls
Leverage your corporate RRS to narrow scope
Continuously audit and revise to improve
24
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
13
Kick-Start Your Data Integrity
25
1. Download the helpful reference material at www.ceruleanllc.com/ISPE (until June 20th)• Checklist: Departmental Steps Taken to Maintain Data Integrity
• Article: 21 CFR 11 Enforcement – Where is the FDA Headed?
• Article: Electronic Archiving – a 100 Year Experiment
2. Identify four functional leaders in your organization who work in the data lifespan and invite them to your core team
3. Review the key points covered in this presentation with your core team
4. Talk through the helpful reference material with your team
5. Verify your organization has a (relatively) recent RRS
About Your PresenterJohn Avellanet gives practical, compliance solutions to simplify and streamline compliance for clients around the world. Winner of the 2009 & 2011 Best of Business Services award by the Small Business Commerce Association, Mr. Avellanet has earned international acclaim for his business-savvy, pragmatic FDA compliance and data integrity advice.
His latest book, Get to Market Now! Turn FDA Compliance into a Competitive Edge, was featured at BIO 2011 and has garnered multiple five-star reviews from industry publications, blogs, Amazon.com readers, and former FDA officials.
He has a breadth of experience designing, implementing, and being accountable for quality systems and compliance programs for FDA, DEA, ICH, BIS, GHTF, and ISO. For more than 15 years, John was directly accountable for regulatory compliance, records management, and information technology, most recently as a C-level executive for a Fortune 50combination device subsidiary.
In 2006, Mr. Avellanet founded his independent lean compliance consulting and training firm, Cerulean Associates LLC.
www.ceruleanllc.com
26
ISPE-FDA 3rd Annual CGMP Conference2 – 4 June 2014Baltimore, MD
14
About Your PresenterRecent Resume Highlights• Lead author of 2 certification courses for US RAPS• IRO for Dr. Comfort Corporate Integrity Agreement• Member, ISPE GAMP Data Integrity Working Group• 2010 and 2011 Top 10 FDA Compliance Blog• 2010 Top 50 Pharma/Biotech Blog• 2009 and 2011 US Best of Business Services Award• 2008-2012 Guest Lecturer at NIH• 2006 Lifetime Achievement Award – Who’s Who of
Biopharma & Device Executives
FDA Lean Compliance Services• Streamline SOPs and policies• Simplify Part 11 and data integrity compliance• Perform audits for compliance and cost-effectiveness• Develop FDA recordkeeping policies• Conduct private training and corporate workshops• Serve as consent decree IRO and litigation support
www.ceruleanllc.com
27
Picture Credits
Photos, images and clip art that appear on these slides have been used to enhance this presentation and may NOT be used for commercial or promotional purposes without permission from copyright holders.
Do not remove or copy from this presentation.
Contact:iStockphoto.com
FotoliaMicrosoft CorporationPhonogrammarchive
Cerulean Associates LLC
28
